[HADOOP-17633] Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.0, 3.2.1, 3.2.2, 3.4.0
Fix Version/s: 3.3.1, 3.4.0, 3.2.3
Component/s: auth, build
Labels:
- pull-request-available

Target Version/s:

3.3.1, 3.4.0, 3.2.3
Hadoop Flags:

Reviewed

Description

Please upgrade the json-smart dependency to the latest version available.

Currently hadoop-auth is using version 2.3. Fortify scan picked up a security issue with this version. Please upgrade to the latest version.

Thanks!

Attachments

Issue Links

is related to

HADOOP-17844 Upgrade JSON smart to 2.4.7

Resolved

links to

GitHub Pull Request #2895

Activity

People

Assignee:: Viraj Jasani

Reporter:: helen huang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 11/Apr/21 15:27

Updated:: 21/Feb/22 09:49

Resolved:: 16/Apr/21 07:24

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

4h 20m